feat: add signature mode using "Data Cipher" command (#47)

Author: andrei-cristea

CHANGELOG.md

@@ -8,8 +8,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - `CalypsoCard.getTransactionCounter` method (issue [#42]).
 - `SamRevocationServiceSpi` SPI (issue [#29]).
-- `SignatureComputationData` API (issue [#28]).
-- `SignatureVerificationData` API (issue [#29]).
+- `CommonSignatureComputationData`.
+- `BasicSignatureComputationData`.
+- `TraceableSignatureComputationData` API (issue [#28]).
+- `CommonSignatureVerificationData`.
+- `BasicSignatureVerificationData`.
+- `TraceableSignatureVerificationData` API (issue [#29]).
 - `CommonSecuritySetting` API.
 - `CommonSecuritySetting.setControlSamResource` method as a replacement for the `setSamResource` method.
 - `CommonSecuritySetting.getTransactionAuditData` method (issue [#44]).

src/main/java/org/calypsonet/terminal/calypso/transaction/BasicSignatureComputationData.java

@@ -0,0 +1,22 @@
+/* **************************************************************************************
+ * Copyright (c) 2022 Calypso Networks Association https://calypsonet.org/
+ *
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ ************************************************************************************** */
+package org.calypsonet.terminal.calypso.transaction;
+
+/**
+ * Contains the input/output data of the {@link
+ * CommonTransactionManager#prepareComputeSignature(CommonSignatureComputationData)} method for
+ * basic signature computation using the "Data Cipher" SAM command.
+ *
+ * @since 1.2.0
+ */
+public interface BasicSignatureComputationData
+    extends CommonSignatureComputationData<BasicSignatureComputationData> {}

src/main/java/org/calypsonet/terminal/calypso/transaction/BasicSignatureVerificationData.java

@@ -0,0 +1,22 @@
+/* **************************************************************************************
+ * Copyright (c) 2022 Calypso Networks Association https://calypsonet.org/
+ *
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ ************************************************************************************** */
+package org.calypsonet.terminal.calypso.transaction;
+
+/**
+ * Contains the input/output data of the {@link
+ * CommonTransactionManager#prepareVerifySignature(CommonSignatureVerificationData)} method for
+ * basic signature verification using the "Data Cipher" SAM command.
+ *
+ * @since 1.2.0
+ */
+public interface BasicSignatureVerificationData
+    extends CommonSignatureVerificationData<BasicSignatureVerificationData> {}

src/main/java/org/calypsonet/terminal/calypso/transaction/CommonSignatureComputationData.java

@@ -0,0 +1,69 @@
+/* **************************************************************************************
+ * Copyright (c) 2022 Calypso Networks Association https://calypsonet.org/
+ *
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ ************************************************************************************** */
+package org.calypsonet.terminal.calypso.transaction;
+
+/**
+ * Contains the input/output data of the {@link
+ * CommonTransactionManager#prepareComputeSignature(CommonSignatureComputationData)} method for
+ * common signature computation modes.
+ *
+ * @param <T> The type of the lowest level child object.
+ * @since 1.2.0
+ */
+public interface CommonSignatureComputationData<T extends CommonSignatureComputationData<T>> {
+
+  /**
+   * Sets the data to be signed and the KIF/KVC of the key to be used for the signature computation.
+   *
+   * @param data The data to be signed.
+   * @param kif The KIF of the key to be used for the signature computation.
+   * @param kvc The KVC of the key to be used for the signature computation.
+   * @return The current instance.
+   * @since 1.2.0
+   */
+  T setData(byte[] data, byte kif, byte kvc);
+
+  /**
+   * Sets the expected size of the signature in bytes, which can be between 1 and 8 bytes
+   * (optional).
+   *
+   * <p>By default, the signature will be generated on 8 bytes.
+   *
+   * <p>Note: the longer the signature, the more secure it is.
+   *
+   * @param size The expected size [1..8]
+   * @return The current instance.
+   * @since 1.2.0
+   */
+  T setSignatureSize(int size);
+
+  /**
+   * Sets a specific key diversifier to use before signing (optional).
+   *
+   * <p>By default, the key diversification is performed with the full serial number of the target
+   * card or SAM depending on the transaction context (Card or SAM transaction).
+   *
+   * @param diversifier The diversifier to be used (from 1 to 8 bytes long).
+   * @return The current instance.
+   * @since 1.2.0
+   */
+  T setKeyDiversifier(byte[] diversifier);
+
+  /**
+   * Returns the computed signature.
+   *
+   * @return A byte array of 1 to 8 bytes.
+   * @throws IllegalStateException If the command has not yet been processed.
+   * @since 1.2.0
+   */
+  byte[] getSignature();
+}

src/main/java/org/calypsonet/terminal/calypso/transaction/CommonSignatureVerificationData.java

@@ -0,0 +1,58 @@
+/* **************************************************************************************
+ * Copyright (c) 2022 Calypso Networks Association https://calypsonet.org/
+ *
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ ************************************************************************************** */
+package org.calypsonet.terminal.calypso.transaction;
+
+/**
+ * Contains the input/output data of the {@link
+ * CommonTransactionManager#prepareVerifySignature(CommonSignatureVerificationData)} method for
+ * common signature verification modes.
+ *
+ * @param <T> The type of the lowest level child object.
+ * @since 1.2.0
+ */
+public interface CommonSignatureVerificationData<T extends CommonSignatureVerificationData<T>> {
+
+  /**
+   * Sets the signed data, the associated signature and the KIF/KVC of the key to be used for the
+   * signature verification.
+   *
+   * @param data The signed data.
+   * @param signature The associated signature.
+   * @param kif The KIF of the key to be used for the signature verification.
+   * @param kvc The KVC of the key to be used for the signature verification.
+   * @return The current instance.
+   * @since 1.2.0
+   */
+  T setData(byte[] data, byte[] signature, byte kif, byte kvc);
+
+  /**
+   * Sets a specific key diversifier to use before verifying the signature (optional).
+   *
+   * <p>By default, the key diversification is performed with the full serial number of the target
+   * card or SAM depending on the transaction context (Card or SAM transaction).
+   *
+   * @param diversifier The diversifier to be used (from 1 to 8 bytes long).
+   * @return The current instance.
+   * @since 1.2.0
+   */
+  T setKeyDiversifier(byte[] diversifier);
+
+  /**
+   * Returns the result of the signature verification process by indicating if the signature is
+   * valid or not.
+   *
+   * @return True if the signature is valid.
+   * @throws IllegalStateException If the command has not yet been processed.
+   * @since 1.2.0
+   */
+  boolean isSignatureValid();
+}

src/main/java/org/calypsonet/terminal/calypso/transaction/CommonTransactionManager.java

@@ -42,10 +42,10 @@ public interface CommonTransactionManager<
   List<byte[]> getTransactionAuditData();
 
   /**
-   * Schedules the execution of a "PSO Compute Signature" SAM command.
+   * Schedules the execution of a "Data Cipher" or "PSO Compute Signature" SAM command.
    *
    * <p>Once the command is processed, the result will be available in the provided input/output
-   * {@link SignatureComputationData} object.
+   * {@link BasicSignatureComputationData} or {@link TraceableSignatureComputationData} objects.
    *
    * <p>The signature may be used for many purposes, for example:
    *
@@ -64,26 +64,31 @@ public interface CommonTransactionManager<
    * @param data The input/output data containing the parameters of the command.
    * @return The current instance.
    * @throws IllegalArgumentException If the input data is inconsistent.
-   * @see SignatureComputationData
+   * @see CommonSignatureComputationData
+   * @see BasicSignatureComputationData
+   * @see TraceableSignatureComputationData
    * @since 1.2.0
    */
-  T prepareComputeSignature(SignatureComputationData data);
+  T prepareComputeSignature(CommonSignatureComputationData<?> data);
 
   /**
-   * Schedules the execution of a "PSO Verify Signature" SAM command.
+   * Schedules the execution of a "Data Cipher" or "PSO Verify Signature" SAM command.
    *
    * <p>Once the command is processed, the result will be available in the provided input/output
-   * {@link SignatureVerificationData} object.
+   * {@link BasicSignatureVerificationData} or {@link TraceableSignatureVerificationData} objects.
    *
    * @param data The input/output data containing the parameters of the command.
    * @return The current instance.
    * @throws IllegalArgumentException If the input data is inconsistent.
    * @throws SamRevokedException If the signature has been computed in "SAM traceability" mode and
-   *     the SAM revocation status check has been requested and the SAM is revoked.
-   * @see SignatureVerificationData
+   *     the SAM revocation status check has been requested and the SAM is revoked (for traceable
+   *     signature only).
+   * @see CommonSignatureVerificationData
+   * @see BasicSignatureVerificationData
+   * @see TraceableSignatureVerificationData
    * @since 1.2.0
    */
-  T prepareVerifySignature(SignatureVerificationData data);
+  T prepareVerifySignature(CommonSignatureVerificationData<?> data);
 
   /**
    * Process all previously prepared commands.

…ransaction/SignatureComputationData.java …n/TraceableSignatureComputationData.javasrc/main/java/org/calypsonet/terminal/calypso/transaction/SignatureComputationData.java renamed to src/main/java/org/calypsonet/terminal/calypso/transaction/TraceableSignatureComputationData.java src/main/java/org/calypsonet/terminal/calypso/transaction/SignatureComputationData.java renamed to src/main/java/org/calypsonet/terminal/calypso/transaction/TraceableSignatureComputationData.java

@@ -13,48 +13,13 @@
 
 /**
  * Contains the input/output data of the {@link
- * CommonTransactionManager#prepareComputeSignature(SignatureComputationData)} method.
+ * CommonTransactionManager#prepareComputeSignature(CommonSignatureComputationData)} method for
+ * traceable signature computation using the "PSO Compute Signature" SAM command.
  *
  * @since 1.2.0
  */
-public interface SignatureComputationData {
-
-  /**
-   * Sets the data to be signed and the KIF/KVC of the key to be used for the signature computation.
-   *
-   * @param data The data to be signed.
-   * @param kif The KIF of the key to be used for the signature computation.
-   * @param kvc The KVC of the key to be used for the signature computation.
-   * @return The current instance.
-   * @since 1.2.0
-   */
-  SignatureComputationData setData(byte[] data, byte kif, byte kvc);
-
-  /**
-   * Sets the expected size of the signature in bytes, which can be between 1 and 8 bytes
-   * (optional).
-   *
-   * <p>By default, the signature will be generated on 8 bytes.
-   *
-   * <p>Note: the longer the signature, the more secure it is.
-   *
-   * @param size The expected size [1..8]
-   * @return The current instance.
-   * @since 1.2.0
-   */
-  SignatureComputationData setSignatureSize(int size);
-
-  /**
-   * Sets a specific key diversifier to use before signing (optional).
-   *
-   * <p>By default, the key diversification is performed with the full serial number of the target
-   * card or SAM depending on the transaction context (Card or SAM transaction).
-   *
-   * @param diversifier The diversifier to be used (from 1 to 8 bytes long).
-   * @return The current instance.
-   * @since 1.2.0
-   */
-  SignatureComputationData setKeyDiversifier(byte[] diversifier);
+public interface TraceableSignatureComputationData
+    extends CommonSignatureComputationData<TraceableSignatureComputationData> {
 
   /**
    * Enables the "SAM traceability" mode to securely record in the data to sign the SAM serial
@@ -75,7 +40,8 @@ public interface SignatureComputationData {
    * @return The current instance.
    * @since 1.2.0
    */
-  SignatureComputationData withSamTraceabilityMode(int offset, boolean usePartialSamSerialNumber);
+  TraceableSignatureComputationData withSamTraceabilityMode(
+      int offset, boolean usePartialSamSerialNumber);
 
   /**
    * Disables the "Busy" mode. When enabled, if the "PSO Verify Signature" command used to check the
@@ -88,7 +54,7 @@ public interface SignatureComputationData {
    * @return The current instance.
    * @since 1.2.0
    */
-  SignatureComputationData withoutBusyMode();
+  TraceableSignatureComputationData withoutBusyMode();
 
   /**
    * Returns the data that was used to generate the signature. If the "SAM traceability" mode was
@@ -100,13 +66,4 @@ public interface SignatureComputationData {
    * @since 1.2.0
    */
   byte[] getSignedData();
-
-  /**
-   * Returns the computed signature.
-   *
-   * @return A byte array of 1 to 8 bytes.
-   * @throws IllegalStateException If the command has not yet been processed.
-   * @since 1.2.0
-   */
-  byte[] getSignature();
 }